Configuration Guide Configuring ACL
sw1(config-std-nacl)# deny 10.1.1.0 0.0.0.255
sw1(config-std-nacl)# permit any
sw1(config-std-nacl)# exit
sw1(config)#int gigabitEthernet 0/2
sw1(config-if-GigabitEthernet 0/2)# ip access-group ip_std_internet_acl out
Within the time range between 12:00 and 13:30, visit the Baidu website on a PC of the R&D
department. Verify that the website can be opened normally.
Beyond the time range between 12:00 and 13:30, visit the Baidu website on a PC of the R&D
department. Verify that the website cannot be opened.
sw1#show time-range
time-range entry: access-internet (inactive)
periodic Daily 12:00 to 13:30
sw1#show access-lists
ip access-list standard ip_std_internet_acl
10 permit 10.1.1.0 0.0.0.255 time-range access-internet (inactive)
20 deny 10.1.1.0 0.0.0.255
30 permit any
sw1#show access-group
ip access-group ip_std_internet_acl out
Applied On interface GigabitEthernet 0/2
11.4.7 Configuring Comments for ACLs
Configuration Effect
During network maintenance, if a lot of ACLs are configured without any comments, it is difficult to distinguish these ACLs
later on. You can configure comments for ACLs to better learn about the intended use of ACLs.
Configuration Steps
Configuring an ACL
(Mandatory) Configure an ACL before configuring the security channel. For details about the configuration method, see
the earlier descriptions.
You can configure this ACL on an access, an aggregate, or a core device based on the distribution of users. The
configurations take effect only on the local device, and do not affect other devices on the network.
To Next Page
Loading...
Need help?
General
